This made impossible to perform mTLS tests when Acra and PostgreSQL
are located on different hosts.
That certificate may be integrated in some pre-built Docker images, so
we intentionally do not revoke it. Here we just remove it from the repository
and regenerated with both postgresql and localhost names in SAN. So all
newer images will contain this certificate.
Also here we configured unique_subject = no in tests/ssl/ca/index.txt.attr to
make it possible to not revoke previous certificate to regenerate it
with the same name.
The new certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:77:0d:64:b2:ad:5f:80:ac:30:21:f9:da:d5:13:e2:ad:89:74:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=London, L=London, O=Global Security, OU=IT, CN=Test CA certificate
Validity
Not Before: Feb 22 19:52:56 2022 GMT
Not After : Feb 10 19:52:56 2072 GMT
Subject: C=GB, ST=London, L=London, O=Global Security, OU=IT, CN=Test leaf certificate (postgresql)
...
X509v3 Subject Alternative Name:
DNS:localhost, DNS:postgresql
Previous certificate didn't contain
postgresqlname in SAN, justlocalhost:This made impossible to perform mTLS tests when Acra and PostgreSQL are located on different hosts.
That certificate may be integrated in some pre-built Docker images, so we intentionally do not revoke it. Here we just remove it from the repository and regenerated with both
postgresqlandlocalhostnames in SAN. So all newer images will contain this certificate.Also here we configured
unique_subject = noin tests/ssl/ca/index.txt.attr to make it possible to not revoke previous certificate to regenerate it with the same name.The new certificate: